Side channel analysis (SCA) is a technique that can be used to observe portions of a cryptographic process, such as a public/private key encryption or decryption process. SCA is carried out by observing operational characteristics of the cryptographic process implemented in hardware such as, for example, operation timing, power consumption or electromagnetic signature, to determine parameters of the cryptographic process. A processor carrying out a cryptographic process can be monitored to detect electromagnetic pulses related to operations involved in the cryptographic process, for example. An SCA attack on a cryptographic process analyzes, e.g., electromagnetic pulses from a processor carrying out a cryptographic process, to deduce the content of an encryption key. Determination of the encryption key with an SCA attack can render the encryption insecure.
Two different cryptographic processes are typically implemented for communication over a network using public/private key pair encryption or decryption: an RSA operation and an ECC operation. The RSA process (RSA represents the initials for the creators of the underlying algorithm, Ron Rivest, Adi Shamir and Leonard Adleman) uses encryption keys that represent exponents used in a calculation to encrypt or decrypt blocks of symbols. A processor carrying out operations to implement the RSA process is typically configured to group operations between operations that square operands and operations that multiply operands for execution efficiency. The squaring operations and the multiplying operations are treated differently by the processor executing the RSA process. Typically, squaring can be done more efficiently within the processor than multiplying, and the difference in operations can be observed using SCA. An SCA attack on the RSA process typically seeks to determine when either of the square or multiply operations is carried out, and then relates those operations to the cryptographic process. The selection of a squaring or a multiplying operation carried out in an RSA process is sensitive to the bits that form the encryption key. A processor carrying out the RSA process can be monitored for a number of parameters, such as signal timing, power consumption, or electromagnetic signatures, to detect the square or multiply operations and to deduce the bits of the encryption key that cause the operations to be carried out. For example, referring to FIG. 1, a trace 100 of electromagnetic radiation observed from a processor carrying out an RSA cryptographic process may be detected by monitoring the processor. Portions of the trace annotated with S or M, if detected, may be interpreted to indicate that the processor performed a square (S) operation or a multiply (M) operation, respectively.
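The key dependence described above can be made concrete with a small simulation. The following is an added example, not part of the original document: it models the S/M annotation of a trace as a string, shows that a plain square-and-multiply loop emits a sequence that fully determines the exponent, and contrasts it with a Montgomery ladder whose operation sequence is the same for every exponent of a given length. All function names and the toy modulus are assumptions chosen for illustration.

```python
# Added illustration with toy parameters; not code from the original document.

def modexp_leaky(base, exp, mod):
    """Left-to-right square-and-multiply that records S/M per operation."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # square on every bit
        trace.append("S")
        if bit == "1":                        # key-dependent branch: the leak
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)


def exponent_from_trace(trace):
    """Shows that the S/M sequence alone determines the exponent."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")                  # each S starts a new bit
        else:
            bits[-1] = "1"                    # an M after S marks that bit as 1
    return int("".join(bits), 2)


def modexp_ladder(base, exp, mod, nbits):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit.

    Only the operation sequence is uniform here. A hardware or C
    implementation would also need a constant-time operand swap and
    constant-time arithmetic; this model does not cover those.
    """
    r0, r1, trace = 1, base % mod, []
    for i in reversed(range(nbits)):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        trace.append("MS")
    return r0, "".join(trace)


if __name__ == "__main__":
    n, d = 3233, 2753                         # constructed toy modulus/exponent
    _, leaky = modexp_leaky(7, d, n)
    print(leaky, exponent_from_trace(leaky) == d)
    print(modexp_ladder(7, d, n, 12)[1] == modexp_ladder(7, 2049, n, 12)[1])
```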
The ECC (Elliptic Curve Cryptography) process uses public key cryptography similar to the RSA process. However, a processor implementing the ECC process typically executes a number of doubling and addition operations for encryption or decryption. The doubling operation is typically executed more efficiently on the processor than the adding operation, and the difference is observable using SCA. Selection of the doubling or adding operations in the ECC process execution is often sensitive to the bits of an encryption key. An SCA attack on the ECC process typically seeks to determine when either of the doubling or addition operations is carried out, and then relates those operations to the ECC process and the bits that form the encryption key. A processor carrying out the ECC process can be monitored for a number of parameters, such as signal timing, power consumption, or electromagnetic signatures, to detect the doubling or addition operations and to deduce the bits of the encryption key that relate to the operations being carried out.